amap.c
来自「Ubuntu packages of security software。 相」· C语言 代码 · 共 1,683 行 · 第 1/5 页
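/* AMAP - application mapper Copyright (c) 2003 van Hauser and DJ.RevMoon
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

// INCLUDES //
#include "amap-inc.h"
#include "amap.h"

#ifdef OPENSSL
RSA *amap_rsa = NULL;
#endif

// HELP //
/*
 * Print the program banner and the option summary to stdout, then terminate
 * the process with exit(-1).
 *
 * prg: program name as invoked; shown in the "Syntax:" line.
 */
void help(char *prg) {
  printf("%s v%s (c) %s by %s <%s> %s\n", AMAP_PROGRAM, AMAP_VERSION, AMAP_YEAR, AMAP_AUTHOR, AMAP_EMAIL, AMAP_RESOURCE);
  printf("Syntax: %s [-A|-B|-P|-W] [-1buSRHUdqv] [[-m] -o <file>] [-D <file>] [-t/-T sec] [-c cons] [-C retries] [-p proto] [-i <file>] [target port [port] ...]\n", prg);
  printf("Modes:\n");
  printf(" -A Map applications: send triggers and analyse responses (default)\n");
  printf(" -B Just grab banners, do not send triggers\n");
  printf(" -P No banner or application stuff - be a (full connect) port scanner\n");
  printf(" -W Web Update - online update the application fingerprint database!\n");
  printf("Options:\n");
  printf(" -1 Only send triggers to a port until 1st identification. Speeeeed!\n");
  printf(" -b Print ascii banner of responses\n");
  printf(" -i FILE Nmap machine readable outputfile to read ports from\n");
  printf(" -u Ports specified on commandline are UDP (default is TCP)\n");
#ifdef OPENSSL
  printf(" -S Do NOT look behind an SSL port\n");
#endif
  printf(" -R Do NOT identify RPC service\n");
  printf(" -H Do NOT send application triggers marked as potentially harmful\n");
  printf(" -U Do NOT dump unrecognised responses (better for scripting)\n");
  printf(" -d Dump all responses\n");
  printf(" -v Verbose mode, use twice (or more!) for debug (not recommended :-)\n");
  printf(" -q Do not report closed ports, and do not print them as unidentified\n");
  printf(" -o FILE Write output to file FILE\n");
  printf(" -m Make output to file (-o) machine-readable (colon-separated list)\n");
  printf(" -c CONS Amount of parallel connections to make (default %d, max %d)\n", AMAP_DEFAULT_TASKS, AMAP_MAX_TASKS);
  printf(" -C RETRIES Number of reconnects on connect timeouts (see -T) (default %d)\n", AMAP_MAX_CONNECT_RETRIES);
  printf(" -T SEC Connect timeout on connection attempts in seconds (default %d)\n", AMAP_CONNECT_TIME);
  printf(" -t SEC Response wait timeout in seconds (default %d)\n", AMAP_RESPONSE_TIME);
  printf(" -p PROTO Only send triggers for this protocol (e.g. ftp)\n");
  printf(" -D FILE Read from Definitions FILE[.trig|.resp|.rpc] instead of default\n");
  printf(" -h Print this shit\n");
  printf(" TARGET PORT The target address and port(s) to scan (additional to -i)\n");
  printf("%s is a tool to identify application protocols on target ports.\n", AMAP_PROGRAM);
#ifndef OPENSSL
  printf("Note: this version was NOT compiled with SSL support!\n");
#endif
  printf("Usage hint: Options \"-bqv\" are recommended, add \"-1\" for fast/rush checks.\n");
  exit(-1);
}

/*
 * Shared formatter behind amap_error() and amap_warn().
 *
 * Understands only %s, %d and %c; any other character after '%' is printed
 * literally (so "%%" yields '%'). A '%' that is the last character of the
 * format ends the output: stepping over it would walk past the terminating
 * NUL and keep reading memory behind the format string.
 */
static void amap_vprint_msg(FILE *out, const char *fmt, va_list ap) {
  const char *ptr;

  for (ptr = fmt; *ptr != '\0'; ptr++) {
    if (*ptr != '%') {
      fprintf(out, "%c", *ptr);
      continue;
    }
    ptr++;
    switch (*ptr) {
      case 's':
        fprintf(out, "%s", va_arg(ap, char *));
        break;
      case 'd':
        fprintf(out, "%d", va_arg(ap, int));
        break;
      case 'c':
        fprintf(out, "%c", va_arg(ap, int));
        break;
      case '\0':
        return; // dangling '%' at the end of the format
      default:
        fprintf(out, "%c", *ptr);
    }
  }
}

// AMAP_ERROR - partial rip from vh-lib //
/*
 * Print "Error: <message>" to stderr and terminate with exit(-1).
 *
 * string: format supporting only %s, %d and %c. Callers in this file pass
 *         data received from the network as %s arguments; that text reaches
 *         the terminal unfiltered.
 */
void amap_error(char *string, ...) {
  va_list ap;

  fprintf(stderr, "Error: ");
  va_start(ap, string);
  amap_vprint_msg(stderr, string, ap);
  fprintf(stderr, "\n");
  va_end(ap);
  exit(-1);
}

// AMAP_WARN - partial rip from vh-lib //
/*
 * Print "Warning: <message>" to stdout and return to the caller.
 *
 * string: format supporting only %s, %d and %c.
 */
void amap_warn(char *string, ...) {
  va_list ap;

  printf("Warning: ");
  va_start(ap, string);
  amap_vprint_msg(stdout, string, ap);
  printf("\n");
  va_end(ap);
}

// AMAP_GET_DATA_TOKEN - partial rip from vh-lib //
/*
 * Extract one field from a version line of the form
 *   "###V:104#P:1.0#D:1231231231#M:Have fun!###DO NOT EDIT THIS LINE!"
 *
 * data:  NUL-terminated buffer that must start with "###".
 * token: field letter; the text between "#<token>:" and the next '#' is
 *        returned.
 *
 * Returns a pointer to a static buffer that the next call overwrites. The
 * result is "" when the header, the token or the closing '#' is missing; no
 * warning is printed in those cases.
 */
char *amap_get_data_token(char *data, char token) {
  static char vdata[AMAP_MAXTOKENLEN] = "";
  char search[4] = "#X:";
  char *ptr;

  search[1] = token;
  if (strncmp(data, "###", 3) != 0) {
    // Clear the buffer: otherwise the caller receives the value of the
    // previous lookup and mistakes it for this token.
    vdata[0] = 0;
    return (vdata);
  }
  if ((ptr = strstr(data, search)) == NULL) {
    vdata[0] = 0;
    return (vdata);
  }
  // Bounded string copy that stops at the source's NUL, instead of always
  // reading sizeof(vdata) - 1 bytes from wherever the token was found.
  snprintf(vdata, sizeof(vdata), "%s", ptr + 3);
  if ((ptr = strchr(vdata, '#')) == NULL) {
    vdata[0] = 0;
    return (vdata);
  }
  *ptr = 0;
  return (vdata);
}

// AMAP_WEBUPDATE_FILE - partial rip from vh-lib //
/*
 * Download webfile over HTTP/1.0 and overwrite localfile with the body.
 *
 * webfile:      "http://host[:port]/path"; user@host forms are rejected.
 * localfile:    file to replace.
 * checkversion: non-zero - compare the 'V' token of localfile with the one in
 *               the download and skip the update unless the download is newer.
 * ask:          non-zero - ask for confirmation on stdin before overwriting.
 *
 * Returns 0 after a successful update, -1 when nothing was written (no newer
 * version, or the user declined). Every failure goes through amap_error(),
 * which terminates the process.
 *
 * NOTE(security): the transfer is plain HTTP and nothing in this function
 * authenticates the payload (no TLS, signature or checksum). Whoever can
 * answer for that host or sit on the network path decides what is written to
 * localfile, and the 'M' message from the response is printed verbatim. Run
 * the update only on a trusted network, or take the definition files from a
 * verified package instead.
 */
int amap_webupdate_file(char *webfile, char *localfile, int checkversion, int ask) {
  int len = strlen("http://");
  int wlen = strlen(webfile);
  int port = 80, s, result = 1, datalen = 0, version = -1, rc = 0;
  unsigned long int ip;
  time_t epoch;
  struct in_addr in;
  struct hostent *target;
  struct sockaddr_in addr;
  struct tm *the_time;
  char *url, *ptr, *data = NULL, *filedata, *grown;
  char *host = malloc(wlen + 1);
  char *request = malloc(AMAP_WEBBUFLEN + wlen);
  char datetime[64] = "";
  FILE *f;

  if (host == NULL || request == NULL)
    amap_error("out of memory");
  if (strncmp(webfile, "http://", len) != 0)
    amap_error("webfile location is missing http://: %s", webfile);
  if ((url = strchr(webfile + len, '/')) == NULL)
    amap_error("webfile definition is missing a web file location: %s", webfile);

  memset(host, 0, wlen + 1);
  memset(request, 0, AMAP_WEBBUFLEN + wlen);
  memcpy(host, webfile + len, url - (webfile + len));
  if (strchr(host, '@') != NULL)
    amap_error("authentication not supported: %s", host);
  if ((ptr = strchr(host, ':')) != NULL) {
    *ptr++ = 0;
    port = atoi(ptr);
    if (port < 1 || port > 65535)
      amap_error("invalid port: %s", ptr);
  }
  snprintf(request, AMAP_WEBBUFLEN + wlen, "GET %s HTTP/1.0\r\nHost: %s:%d\r\nUser-Agent: %s %s\r\n\r\n", url, host, port, AMAP_PROGRAM, AMAP_VERSION);

  // Dotted-quad first, DNS as fallback. Only IPv4 is handled: exactly four
  // address bytes are copied.
#ifndef CYGWIN
  if (inet_pton(AF_INET, host, &in) <= 0) {
#else
  if (inet_aton(host, &in) <= 0) {
#endif
    if ((target = gethostbyname(host)) != NULL && target->h_addrtype == AF_INET && target->h_length >= 4)
      memcpy((char *) &ip, (char *) target->h_addr, 4);
    else
      amap_error("could not resolve host: %s", host);
  } else
    memcpy((char *) &ip, (char *) &in.s_addr, 4);

  if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
    amap_error("could not get a socket");
  setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &result, sizeof(result));
  memset(&addr, 0, sizeof(addr)); // do not hand uninitialised padding to connect()
  addr.sin_port = htons(port);
  addr.sin_family = AF_INET;
  memcpy(&addr.sin_addr.s_addr, &ip, 4);
  if (connect(s, (struct sockaddr *) &addr, sizeof(addr)) < 0)
    amap_error("could not connect to host: %s", host);
  if (send(s, request, strlen(request), 0) < 0)
    amap_error("web site closed connection");

  // Collect the whole response. The size is whatever the server sends; there
  // is no upper bound here.
  while ((len = recv(s, request, AMAP_WEBBUFLEN, 0)) > 0) {
    if ((grown = realloc(data, datalen + len)) == NULL)
      amap_error("out of memory");
    data = grown;
    memcpy(data + datalen, request, len);
    datalen += len;
  }
  close(s);

  // Zero padding behind the response keeps the string functions below inside
  // the buffer even when the response is short or carries no version data.
  // NOTE(review): the fixed "HTTP/1.0 " offset below assumes AMAP_MAXTOKENLEN
  // is larger than a few bytes - confirm in amap.h.
  if ((grown = realloc(data, datalen + AMAP_MAXTOKENLEN)) == NULL)
    amap_error("out of memory");
  data = grown;
  memset(data + datalen, 0, AMAP_MAXTOKENLEN);

  if (strncmp(data, "HTTP/", strlen("HTTP/")) != 0)
    amap_error("invalid http response: %s", data);
  if (strncmp(data + strlen("HTTP/1.0 "), "200", 3) != 0)
    amap_error("file could not be found by web server: %s", data);
  if ((filedata = strstr(data, "\r\n\r\n")) == NULL)
    amap_error("no data found in response: %s", data);
  filedata += 4;
  datalen = datalen - (filedata - data);

  // checkversion > 0 - check version information on file
  // format: "###V:104#P:1.0#D:1231231231#M:Have fun!###DO NOT EDIT THIS LINE!"
  if (checkversion) {
    if ((f = fopen(localfile, "r")) != NULL) {
      memset(request, 0, AMAP_WEBBUFLEN);
      // A short or failed read leaves the zeroed buffer as it is, so the
      // version simply parses as 0.
      if (fread(request, 1, AMAP_WEBBUFLEN - AMAP_MAXTOKENLEN, f) == 0)
        request[0] = 0;
      version = atoi(amap_get_data_token(request, 'V'));
      fclose(f);
    }
    if (version >= atoi(amap_get_data_token(filedata, 'V'))) {
      printf("No new updates for file %s available\n", localfile);
      rc = -1;
      goto done;
    }
  }

  // if ask > 0 - ask if overwrite file
  if (ask) {
    printf("Please confirm updating of file %s [YES(default)/no]: ", localfile);
    result = fgetc(stdin);
    if (result == 'N' || result == 'n') {
      rc = -1;
      goto done; // release the buffers on this path as well
    }
  }

  // get other data
  if ((epoch = strtoul(amap_get_data_token(filedata, 'D'), NULL, 10)) > 1000000000) {
    the_time = localtime(&epoch);
    if (the_time != NULL) // localtime() can fail on values it cannot represent
      strftime(datetime, sizeof(datetime), " (data from %Y-%m-%d %H:%M:%S)", the_time);
  }

  // write file; "w" truncates the old copy, so report a failed write instead
  // of announcing success over a partial file
  if ((f = fopen(localfile, "w")) == NULL)
    amap_error("can not write file %s", localfile);
  if (datalen > 0 && fwrite(filedata, datalen, 1, f) != 1) {
    fclose(f);
    amap_error("can not write file %s", localfile);
  }
  if (fclose(f) != 0)
    amap_error("can not write file %s", localfile);
  printf("File %s successfully updated%s\n", localfile, datetime);

  // msg check
  ptr = amap_get_data_token(filedata, 'M');
  if (strlen(ptr) > 0) {
    printf("This update comes with the following message:\n\"%s\"\n", ptr);
  }

  // main program version check
  ptr = amap_get_data_token(filedata, 'P');
  if (strlen(ptr) > 2) {
    if (strcmp(ptr, AMAP_VERSION) != 0)
      printf("A new version of %s is available! You are using v%s, current is v%s.\nGo and download from %s !\n", AMAP_PROGRAM, AMAP_VERSION, ptr, AMAP_RESOURCE);
  }

done:
  free(request);
  free(host);
  free(data);
  return rc;
}

#ifdef OPENSSL
// AMAP_SSL_TEMP_RSA_CB //
/*
 * Temporary-RSA-key callback: creates one 512-bit key on first use, caches it
 * in amap_rsa and returns that same key on every later call. The ssl, export
 * and keylength arguments are ignored.
 *
 * NOTE(review): 512-bit RSA is export-grade and far below any current
 * minimum, and RSA_generate_key() is deprecated and may return NULL. Confirm
 * where this callback is registered and whether it is still needed.
 */
RSA *amap_ssl_temp_rsa_cb(SSL *ssl, int export, int keylength) {
  if (amap_rsa == NULL)
    amap_rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
  return amap_rsa;
}
#endif

// AMAP_OPEN_FILE //
/*
 * Open a definitions file for reading.
 *
 * fnam:      base name given by the user, or NULL for the defaults.
 * type:      human-readable file kind, used in messages only.
 * extension: suffix appended to the base name.
 * verbose:   non-zero - print which file is used.
 *
 * With fnam == NULL the file is looked up as ./AMAP_DEFAULT_FILENAME first
 * and under AMAP_APPDEF_PATH second. Returns the open stream; when no file
 * can be opened, or the assembled name does not fit file_name, amap_error()
 * terminates the process.
 *
 * NOTE(security): the current directory wins over the install path, so a
 * definitions file placed in the directory amap is started from replaces the
 * installed one. Pass the file explicitly when running from a directory that
 * other users can write to.
 */
FILE *amap_open_file(char *fnam, char *type, char *extension, int verbose) {
  char file_name[256] = "";
  const char *appdef_path = AMAP_APPDEF_PATH;
  size_t dirlen;
  int n;
  FILE *f = NULL;

  if (fnam != NULL) {
    // snprintf bounds the write for any extension length; an over-long name
    // is refused instead of opening a silently truncated path.
    n = snprintf(file_name, sizeof(file_name), "%s%s", fnam, extension);
    if (n >= 0 && (size_t) n < sizeof(file_name))
      f = fopen(file_name, "r");
  } else {
    n = snprintf(file_name, sizeof(file_name), "./%s%s", AMAP_DEFAULT_FILENAME, extension);
    if (n >= 0 && (size_t) n < sizeof(file_name))
      f = fopen(file_name, "r");
    if (f == NULL) {
      dirlen = strlen(appdef_path);
      // add the separator unless the configured path already ends in one;
      // an empty path is handled without indexing in front of the string
      n = snprintf(file_name, sizeof(file_name), "%s%s%s%s", appdef_path,
                   (dirlen > 0 && appdef_path[dirlen - 1] == '/') ? "" : "/",
                   AMAP_DEFAULT_FILENAME, extension);
      if (n >= 0 && (size_t) n < sizeof(file_name))
        f = fopen(file_name, "r");
    }
  }

  if (f == NULL)
    amap_error("can not open %s file: %s", type, file_name);
  else if (verbose)
    printf("Using %s file %s ... ", type, file_name);
  return f;
}

// AMAP_STRDUP //
char *amap_strdup(char *string) {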